Thanks, I tried in FF safe mode, but the problem remains.
As it is in all browsers (an none of them uses a proxy setting atm) I think it's not something from within the browser.
I just tried to ping google using cmd, time out, no alert. Does time out even when all shields are temporary disabled.
Pinging mail.google.com works though.
google.com resolves to 87.125.87.103...
A quick search (via encrypted google :-) ) brought up
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/Simda.FYikes. Backdoor:Win32/Simda?
In HKCU\Software\Microsoft\Windows\Currentversion\RunOnce I can't find anything though.
Two exe in %appdata%, neither avast nor malwarebytes find anything in them. They don't show up in the regestry, and not in any other or registry or autostart location (msconfig...). The only one I can't make any sense of is svtrev.exe but could be renamed.
A little confusing is that there's no evidence of a changed host file either.
Changing DNS to 8.8.8.8 for a moment brings the same result, so no router issue.
Odd, nothing changes even if using the roguekiller hosts/dns fix option. Just localhost/127.0.0.1 in the host-file anyway. It's location still is %SystemRoot%\System32\drivers\etc, i checked HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
Odd.